Title: papapup's Replies | WordPress.org

---

# papapup

  [  ](https://wordpress.org/support/users/papapup/)

 *   [Profile](https://wordpress.org/support/users/papapup/)
 *   [Topics Started](https://wordpress.org/support/users/papapup/topics/)
 *   [Replies Created](https://wordpress.org/support/users/papapup/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/papapup/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/papapup/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/papapup/engagements/)
 *   [Favorites](https://wordpress.org/support/users/papapup/favorites/)

 Search replies:

## Forum Replies Created

Viewing 10 replies - 1 through 10 (of 10 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] HTML Emails on RoundCube Blocked by Wordfence](https://wordpress.org/support/topic/html-emails-on-roundcube-blocked-by-wordfence/)
 *  Thread Starter [papapup](https://wordpress.org/support/users/papapup/)
 * (@papapup)
 * [1 year, 8 months ago](https://wordpress.org/support/topic/html-emails-on-roundcube-blocked-by-wordfence/#post-17983202)
 * Hi [@wfpeter](https://wordpress.org/support/users/wfpeter/) ,
 * Can you help on the above to confirm our settings are ok? Anyone from Wordfence
   can help?
 * Appreciate it.
 * Regards,
 * Allan – [@papapup](https://wordpress.org/support/users/papapup/)
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] HTML Emails on RoundCube Blocked by Wordfence](https://wordpress.org/support/topic/html-emails-on-roundcube-blocked-by-wordfence/)
 *  Thread Starter [papapup](https://wordpress.org/support/users/papapup/)
 * (@papapup)
 * [1 year, 8 months ago](https://wordpress.org/support/topic/html-emails-on-roundcube-blocked-by-wordfence/#post-17975061)
 * Happy Day [@wfpeter](https://wordpress.org/support/users/wfpeter/) ,
 * Thank you for the update and recommended approaches.
 * We have checked that each Domain A, Domain B and Domain C has its own .htaccess
 * Domain A & B as below. Where else Domain C’s .htaccess with regards to RoundCube
   which I am not publishing here.
 *     ```wp-block-code
       # BEGIN WordPress# The directives (lines) between "BEGIN WordPress" and "END WordPress" are# dynamically generated, and should only be modified via WordPress filters.# Any changes to the directives between these markers will be overwritten.<IfModule mod_rewrite.c>RewriteEngine OnRewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]RewriteBase /RewriteRule ^index\.php$ - [L]RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /index.php [L]</IfModule># END WordPress# Wordfence WAF<IfModule LiteSpeed>php_value auto_prepend_file '/home/pathto/theDomain/wordfence-waf.php'</IfModule><IfModule lsapi_module>php_value auto_prepend_file '/home/pathto/theDomain/wordfence-waf.php'</IfModule><Files ".user.ini"><IfModule mod_authz_core.c>	Require all denied</IfModule><IfModule !mod_authz_core.c>	Order deny,allow	Deny from all</IfModule></Files># php -- BEGIN cPanel-generated handler, do not edit# Set the “ea-php74” package as the default “PHP” programming language.<IfModule mime_module>  AddHandler application/x-httpd-ea-php74 .php .php7 .phtml</IfModule># php -- END cPanel-generated handler, do not edit
       ```
   
 * For Domain D, we have check that there isn’t any ,htaccess at the /home/pathto
   directory. However, there is one under the /home/pathto/public_html where typically
   Domain D being the primary domain is assigned as below
 *     ```wp-block-code
       RewriteEngine OnRewriteCond %{SERVER_PORT} 80RewriteRule ^(.*)$ https://DomainD.com/$1 [R,L]# php -- BEGIN cPanel-generated handler, do not edit# Set the “ea-php74” package as the default “PHP” programming language.<IfModule mime_module>  AddHandler application/x-httpd-ea-php74 .php .php7 .phtml</IfModule># php -- END cPanel-generated handler, do not edit
       ```
   
 * Where Wordfence is installed, Domain A and Domain B has its own user.ini
 *     ```wp-block-code
       ; Wordfence WAFauto_prepend_file = '/home/pathto/theDomain/wordfence-waf.php'; END Wordfence WAF
       ```
   
 * Can I say in conclusion, there shouldn’t be anything that could redirect it to
   WordFence from RoundCube?
 * While the “learning mode” provide the solution to it, we didn’t experience any
   of these for 4 years until now. Therefore it did prompt us to do a major drill
   down to this matter leading towards WordFence prompting the following code being
   blocked as a potential malicious XSS Cross Site Scripting
 *     ```wp-block-code
       <style type="text/css">@font-face               { font-family: "Cambria Math"; }@font-face               { font-family: DengXian; }@font-face               { font-family: Aptos; }@font-face               { font-family: "Gill Sans MT"; }@font-face               { font-family: Tahoma; }@font-face               { font-family: "@DengXian"; }#replybody1 p.MsoNormal, #replybody1 li.MsoNormal, #replybody1 div.MsoNormal               { margin: 0cm; font-size: 12.0pt; font-family: "Aptos",sans-serif; mso-ligatures: standardcontextual; }#replybody1 span.EmailStyle17               { mso-style-type: personal-compose; font-family: "Aptos",sans-serif; color: windowtext; }#replybody1 .MsoChpDefault               { mso-style-type: export-only; }@page WordSection1               { size: 612.0pt 792.0pt; margin: 72.0pt 72.0pt 72.0pt 72.0pt; }#replybody1 div.WordSection1               {}</style>
       ```
   
 * Looking at the above, it sure don’t look malicious. Can you confirmed?
 * Appreciate your input for this as security is utmost important to us and everyone
   should! 🙂
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] HTML Emails on RoundCube Blocked by Wordfence](https://wordpress.org/support/topic/html-emails-on-roundcube-blocked-by-wordfence/)
 *  Thread Starter [papapup](https://wordpress.org/support/users/papapup/)
 * (@papapup)
 * [1 year, 8 months ago](https://wordpress.org/support/topic/html-emails-on-roundcube-blocked-by-wordfence/#post-17970574)
 * Details in this reply has been added to the above
    -  This reply was modified 1 year, 8 months ago by [papapup](https://wordpress.org/support/users/papapup/).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Members - Membership & User Role Editor Plugin] Editor Role Users can access all content restricted pages. Bug?](https://wordpress.org/support/topic/editor-role-users-can-access-all-content-restricted-pages-bug/)
 *  Thread Starter [papapup](https://wordpress.org/support/users/papapup/)
 * (@papapup)
 * [2 years, 11 months ago](https://wordpress.org/support/topic/editor-role-users-can-access-all-content-restricted-pages-bug/#post-16823510)
 * LOL! I had to read the paragraph….
 * > The post author, users that can edit the post, and any users of roles with 
   > the restrict_content capability can always view the post, regardless of their
   > role.
 * with this
 * > Since the Editor can edit pages, the Content Permission will not work for them.
 * and staring at the **Content Permission** **section** of the page…. many times
   to get the logic!
 * I guess, the reason the Administrator and Editor role is left there in case the
   role has been altered for whatever reason.
 * Thanks for the great explanation! I suggest that this put up as a FAQ.
 * As for the hook, let me try it out. Will post another question if I need help.
 * Thanks again.
    -  This reply was modified 2 years, 11 months ago by [papapup](https://wordpress.org/support/users/papapup/).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Members - Membership & User Role Editor Plugin] Editor Role Users can access all content restricted pages. Bug?](https://wordpress.org/support/topic/editor-role-users-can-access-all-content-restricted-pages-bug/)
 *  Thread Starter [papapup](https://wordpress.org/support/users/papapup/)
 * (@papapup)
 * [2 years, 11 months ago](https://wordpress.org/support/topic/editor-role-users-can-access-all-content-restricted-pages-bug/#post-16820968)
 * My further testing to determine why an Editor Role user still displays the page
   content despite the page content permission is set as other roles is because 
   of two capabilities that somehow let it show the content
   1. edit_others_pages;
   and2. edit_published_pagesNow, the question is truly then, is this a bug ?
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] WC+Dokan Lite: Vendor Registration Form Error – Registration Blocked](https://wordpress.org/support/topic/wcdokan-lite-vendor-registration-form-error-registration-blocked/)
 *  Thread Starter [papapup](https://wordpress.org/support/users/papapup/)
 * (@papapup)
 * [3 years ago](https://wordpress.org/support/topic/wcdokan-lite-vendor-registration-form-error-registration-blocked/#post-16740361)
 * Hi [@wfjanet](https://wordpress.org/support/users/wfjanet/) ,
   Any update to this?
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] WC+Dokan Lite: Vendor Registration Form Error – Registration Blocked](https://wordpress.org/support/topic/wcdokan-lite-vendor-registration-form-error-registration-blocked/)
 *  Thread Starter [papapup](https://wordpress.org/support/users/papapup/)
 * (@papapup)
 * [3 years ago](https://wordpress.org/support/topic/wcdokan-lite-vendor-registration-form-error-registration-blocked/#post-16698837)
 * [@wfjanet](https://wordpress.org/support/users/wfjanet/) ,
   Disabling the RECAPTHA
   as suggested allow the registration to go thruTo reaffirm the configuration is
   as belowWF -> Login Security -> Settings Tab– WooCommerce Integration = ON– Use
   single-column layout for WooCommerce/shortcode 2FA management interface = ON–
   Enable reCAPTCHA on the login and user registration pages = OFFIf “Enable reCAPTCHA
   on the login and user registration pages” is turned ON, the registration gets
   blocked.NOTE: I have also emailed the diagnostic with the forum username [@papapup](https://wordpress.org/support/users/papapup/)
   Thanks in advance.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] WC+Dokan Lite: Vendor Registration Form Error – Registration Blocked](https://wordpress.org/support/topic/wcdokan-lite-vendor-registration-form-error-registration-blocked/)
 *  Thread Starter [papapup](https://wordpress.org/support/users/papapup/)
 * (@papapup)
 * [3 years ago](https://wordpress.org/support/topic/wcdokan-lite-vendor-registration-form-error-registration-blocked/#post-16694256)
 * wfjanet ,
   The result is still the same. It’s showing the following error message.**
   REGISTRATION ATTEMPT BLOCKED**: This site requires a security token created when
   the page loads for all registration attempts. Please ensure JavaScript is enabled
   and try again.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Wordfence Security - Firewall, Malware Scan, and Login Security] WC+Dokan Lite: Vendor Registration Form Error – Registration Blocked](https://wordpress.org/support/topic/wcdokan-lite-vendor-registration-form-error-registration-blocked/)
 *  Thread Starter [papapup](https://wordpress.org/support/users/papapup/)
 * (@papapup)
 * [3 years ago](https://wordpress.org/support/topic/wcdokan-lite-vendor-registration-form-error-registration-blocked/#post-16694227)
 * [@wfjanet](https://wordpress.org/support/users/wfjanet/) ,
   Let me set it up and
   get back to you. Thanks!
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Gutenberg] Gutenberg v15.5.x causing conflict to WooCommerce 7.5.1](https://wordpress.org/support/topic/gutenberg-v15-5-x-causing-conflict-to-woocommerce-7-5-1/)
 *  Thread Starter [papapup](https://wordpress.org/support/users/papapup/)
 * (@papapup)
 * [3 years ago](https://wordpress.org/support/topic/gutenberg-v15-5-x-causing-conflict-to-woocommerce-7-5-1/#post-16692698)
 * Hi [@zoonini](https://wordpress.org/support/users/zoonini/) ,
   The issue is resolved
   for my end.

Viewing 10 replies - 1 through 10 (of 10 total)